Security Statement

section.io takes our users' security and privacy concerns seriously. We strive to ensure that user data is kept secure, and that we collect only as much personal data as is required to make our users' experience with section.io as efficient and satisfying as possible. We also aim to collect data in the most unobtrusive manner possible. This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is sufficiently protected.

User Security

section.io utilizes some of the most advanced technology for Internet security commercially available today.

  • section.io requires users to create a unique user name and password that must be entered each time a user logs on. section.io issues a session "cookie" only to record encrypted authentication information for the duration of a specific session. The session cookie does not include either the username or password of the user.
  • When a user accesses secured areas of our site, Secure Sockets Layer (SSL) technology protects user information using both server authentication and data encryption, ensuring that user data is safe, secure, and available only to authorized persons
  • Passwords and credit card information are always sent over secure, encrypted SSL connections.
  • Accounts which are SSL enabled ensure that the communications are transmitted over a secure, encrypted connection to the browser and to the origin.
  • section.io Optimsiation Nodes are hosted in PCI DSS Level 1 Infrastructure

Physical Security

  • Data center staffed and surveilled 24/7
  • Data center secured by security guards, visitor logs, and entry requirements (passcards/biometric recognition)
  • Digital surveillance equipment monitors the data center
  • Environmental controls for temperature, humidity and smoke/fire detection

Availability

  • MultiCDN capabilities for automated CDN availability management
  • Multiple independent connections to Tier 1 Internet access providers
  • Uptime monitored constantly, with escalation to section.io staff for any downtime
  • Servers have redundant internal and external power supplies

Network Security

  • Firewall restricts access to all ports except 80 (http) and 443 (https)
  • SSL integrity maintained between hops

Organizational Security

  • Access controls to sensitive data in our databases and systems are set on a need-to-know basis
  • We maintain and monitor audit logs on our services and systems (we generate gigabytes of log files each day)
  • We maintain internal information security policies, including incident response plans, and regularly review and update them

Software

  • Our engineers use best practices and industry-standard secure coding guidelines to ensure secure coding
  • Latest patches applied to all operating system and application files

Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet, or method of electronic storage, is perfectly secure. Therefore, we cannot guarantee absolute security. If section.io learns of a security breach or potential security breach, we will attempt to notify affected users electronically so that they can take appropriate protective steps. section.io may also post a notice on our website if a security breach occurs.

Your Responsibilities

Keeping your data secure also depends on you ensuring that you maintain the security of your hosting environment.

Questions?

If you have any questions about security on the section.io website, please email us at support@section.io.